Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10916 | 1 Siemens | 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc \(tia Portal\) and 1 more | 2021-10-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2020-21250 | 1 Cszcms | 1 Csz Cms | 2021-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php. | |||||
| CVE-2021-26609 | 1 Mangboard | 1 Mang Board | 2021-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information. | |||||
| CVE-2021-24769 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2021-10-27 | 6.5 MEDIUM | 7.2 HIGH |
| The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection | |||||
| CVE-2021-24662 | 1 Game-server-status Project | 1 Game-server-status | 2021-10-27 | 6.5 MEDIUM | 7.2 HIGH |
| The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page | |||||
| CVE-2021-24774 | 1 Wpchill | 1 Check \& Log Email | 2021-10-27 | 6.5 MEDIUM | 7.2 HIGH |
| The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues | |||||
| CVE-2021-38481 | 1 Auvesy | 1 Versiondog | 2021-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string. | |||||
| CVE-2021-41155 | 1 Enalean | 1 Tuleap | 2021-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7. | |||||
| CVE-2021-41154 | 1 Enalean | 1 Tuleap | 2021-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7. | |||||
| CVE-2021-41971 | 1 Apache | 1 Superset | 2021-10-22 | 6.0 MEDIUM | 8.8 HIGH |
| Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL. | |||||
| CVE-2021-40992 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-10-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-24754 | 1 Mainwp | 1 Mainwp Child Reports | 2021-10-21 | 6.5 MEDIUM | 7.2 HIGH |
| The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue | |||||
| CVE-2021-41148 | 1 Enalean | 1 Tuleap | 2021-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to its personal dashboard could execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. | |||||
| CVE-2021-40993 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-10-21 | 5.5 MEDIUM | 8.1 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-41147 | 1 Enalean | 1 Tuleap | 2021-10-21 | 6.5 MEDIUM | 7.2 HIGH |
| Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. | |||||
| CVE-2021-42369 | 1 Zucchetti | 1 Imagicle Uc Suite | 2021-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI. | |||||
| CVE-2021-37737 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-42334 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2021-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions. | |||||
| CVE-2021-42333 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2021-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions. | |||||
| CVE-2021-33177 | 1 Nagios | 1 Nagios Xi | 2021-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries. | |||||